claw-browser-automation-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser automation guide, but it teaches powerful logged-in browser actions without enough guardrails around session files, arbitrary JavaScript, and authenticated requests.

Install only if you trust the external agent-browser npm package and need full browser automation. Treat saved state files like passwords, pin or verify the CLI package before global install, avoid inline real tokens, use eval/fetch only for user-approved trusted sites, and require explicit approval before uploads, purchases, account changes, public posts, or destructive website actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill explicitly documents arbitrary JavaScript execution in the browser context, which materially expands capability from browser automation into unrestricted page-context code execution. In an agent setting, this can enable data extraction beyond visible UI flows, abuse authenticated sessions, or trigger unintended actions against sites the user is logged into.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The API-testing section uses browser-side `fetch` and adjacent `eval` functionality to make arbitrary requests from within the browser session. That exceeds basic navigation/form automation and can be used to access APIs with ambient cookies or bearer tokens, increasing the risk of unauthorized data access or exfiltration.

Missing User Warnings

Medium
Confidence: 80%
Finding
The documentation encourages saving and loading browser session state to disk without explaining that these files may contain sensitive cookies, tokens, or other authentication artifacts. Persisting such state insecurely can allow account takeover if the file is copied, committed, or reused on shared systems.

Missing User Warnings

Medium
Confidence: 85%
Finding
The authentication workflow combines environment-variable credentials with persistent login-state storage, but does not warn that the resulting state file can outlive the credentials and grant continued access. In practice, this increases exposure on developer workstations, CI runners, and shared environments.

VirusTotal

66/66 vendors flagged this skill as clean.
